A dashboard displaying aggregates and baselines computed across multiple entities along with detailed breakdown at the entity level.

User Risk Scoring & Monitoring

Monitor users and filter them via multiple risk scores such as insider risk percentile, external risk percentile, number of anomalies, number of threats and an overall user score.

Anomalies With Categories

Over 45 anomaly categories are available out-of-the-box — including Unusual Network Activity, Suspicious Data Movement, Unusual Activity Time and others — each of which can be custom scored for prioritization and suppressed for effective hunting and threat generation. All anomalies are triggered via machine learning algorithms.

Threats with Categories

Over 20 threat categories are available out-of-the-box — including Data Exfiltration, Lateral Movement, Compromised Account, Suspicious Behavior and others — which can be custom scored for prioritization. Customers can write their own use cases (threats) by directing the machine learning framework on what anomalies to stitch together and how. All threats are generated via machine learning algorithms.

Unsupervised Machine Learning

Multi-Dimensional Behavior Baseline

Historical and real-time data assist with the creation of behavior baselines (such as probabilistic suffix trees, counts over multiple time series and more), which help with identifying outliers and provide visibility into organizational metrics.

Network Behavior Analysis

Two Premium Solutions Working Together

By combining Splunk ES and Splunk UBA, organizations gain maximum value to detect and resolve threats and anomalies via the power of human-driven and machine-driven solutions.

Why Splunk for User and Entity Behavior Analytics?

Splunk UBA augments your existing security team and makes them more productive by finding threats that would otherwise be missed due to lack of people, resources and time. Its powerful machine-learning framework, customizability and breadth of use cases help organizations with the automated detection of unknown threats and anomalous behavior. Splunk UBA seamlessly integrates with Splunk Enterprise and Splunk Enterprise Security to help with end-to-end incident or breach resolution.